Certified in Risk and Information Systems Control (CRISC) — Question 1070

Which of the following role carriers has to account for collecting data on risk and articulating risk?

Answer options

• A. Enterprise risk committee
• B. Business process owner
• C. Chief information officer (CIO)
• D. Chief risk officer (CRO)

Correct answer: D

Explanation

The Chief Risk Officer (CRO) is specifically tasked with overseeing risk management and ensuring that data on risk is collected and communicated effectively. The other roles, while important, do not have this primary responsibility; the Enterprise Risk Committee focuses on policy and oversight, the Business Process Owner manages specific processes, and the CIO primarily handles IT strategy and operations.